Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for Web-Based Inventory and POS System by code-projects
CVE-2025-11431 (GCVE-0-2025-11431)
Vulnerability from nvd – Published: 2025-10-08 04:02 – Updated: 2025-10-08 14:18 X_Freeware
VLAI
Title
code-projects Web-Based Inventory and POS System transaction.php sql injection
Summary
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.327368 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.327368 | signaturepermissions-required |
| https://vuldb.com/?submit.666277 | third-party-advisory |
| https://github.com/asd1238525/cve/blob/main/SQL7.md | exploit |
| https://code-projects.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Web-Based Inventory and POS System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11431",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T14:18:15.866117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T14:18:28.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/asd1238525/cve/blob/main/SQL7.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Web-Based Inventory and POS System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LT202108729 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in code-projects Web-Based Inventory and POS System 1.0 gefunden. Dies betrifft einen unbekannten Teil der Datei /transaction.php. Mittels Manipulieren des Arguments shopid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T04:02:06.936Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327368 | code-projects Web-Based Inventory and POS System transaction.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327368"
},
{
"name": "VDB-327368 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327368"
},
{
"name": "Submit #666277 | code-projects Web-Based Inventory and POS System 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.666277"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/asd1238525/cve/blob/main/SQL7.md"
},
{
"tags": [
"product"
],
"url": "https://code-projects.org/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-10-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-07T15:02:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects Web-Based Inventory and POS System transaction.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11431",
"datePublished": "2025-10-08T04:02:06.936Z",
"dateReserved": "2025-10-07T12:57:14.988Z",
"dateUpdated": "2025-10-08T14:18:28.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11424 (GCVE-0-2025-11424)
Vulnerability from nvd – Published: 2025-10-08 02:02 – Updated: 2025-10-08 17:34 X_Freeware
VLAI
Title
code-projects Web-Based Inventory and POS System login.php sql injection
Summary
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.327359 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.327359 | signaturepermissions-required |
| https://vuldb.com/?submit.666209 | third-party-advisory |
| https://github.com/Real-Rio/vulnreport/blob/main/… | exploit |
| https://code-projects.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Web-Based Inventory and POS System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11424",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T13:28:26.537492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T17:34:27.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Real-Rio/vulnreport/blob/main/SQL6.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Web-Based Inventory and POS System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "riovulntest (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized."
},
{
"lang": "de",
"value": "In code-projects Web-Based Inventory and POS System 1.0 ist eine Schwachstelle entdeckt worden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /login.php. Die Manipulation des Arguments emailid f\u00fchrt zu sql injection. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T02:02:09.166Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327359 | code-projects Web-Based Inventory and POS System login.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327359"
},
{
"name": "VDB-327359 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327359"
},
{
"name": "Submit #666209 | code-projects Web-Based Inventory and POS System 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.666209"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Real-Rio/vulnreport/blob/main/SQL6.md"
},
{
"tags": [
"product"
],
"url": "https://code-projects.org/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-10-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-07T13:46:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects Web-Based Inventory and POS System login.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11424",
"datePublished": "2025-10-08T02:02:09.166Z",
"dateReserved": "2025-10-07T11:41:14.907Z",
"dateUpdated": "2025-10-08T17:34:27.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11431 (GCVE-0-2025-11431)
Vulnerability from cvelistv5 – Published: 2025-10-08 04:02 – Updated: 2025-10-08 14:18 X_Freeware
VLAI
Title
code-projects Web-Based Inventory and POS System transaction.php sql injection
Summary
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.327368 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.327368 | signaturepermissions-required |
| https://vuldb.com/?submit.666277 | third-party-advisory |
| https://github.com/asd1238525/cve/blob/main/SQL7.md | exploit |
| https://code-projects.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Web-Based Inventory and POS System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11431",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T14:18:15.866117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T14:18:28.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/asd1238525/cve/blob/main/SQL7.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Web-Based Inventory and POS System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LT202108729 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in code-projects Web-Based Inventory and POS System 1.0 gefunden. Dies betrifft einen unbekannten Teil der Datei /transaction.php. Mittels Manipulieren des Arguments shopid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T04:02:06.936Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327368 | code-projects Web-Based Inventory and POS System transaction.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327368"
},
{
"name": "VDB-327368 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327368"
},
{
"name": "Submit #666277 | code-projects Web-Based Inventory and POS System 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.666277"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/asd1238525/cve/blob/main/SQL7.md"
},
{
"tags": [
"product"
],
"url": "https://code-projects.org/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-10-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-07T15:02:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects Web-Based Inventory and POS System transaction.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11431",
"datePublished": "2025-10-08T04:02:06.936Z",
"dateReserved": "2025-10-07T12:57:14.988Z",
"dateUpdated": "2025-10-08T14:18:28.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11424 (GCVE-0-2025-11424)
Vulnerability from cvelistv5 – Published: 2025-10-08 02:02 – Updated: 2025-10-08 17:34 X_Freeware
VLAI
Title
code-projects Web-Based Inventory and POS System login.php sql injection
Summary
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.327359 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.327359 | signaturepermissions-required |
| https://vuldb.com/?submit.666209 | third-party-advisory |
| https://github.com/Real-Rio/vulnreport/blob/main/… | exploit |
| https://code-projects.org/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Web-Based Inventory and POS System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11424",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T13:28:26.537492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T17:34:27.604Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Real-Rio/vulnreport/blob/main/SQL6.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Web-Based Inventory and POS System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "riovulntest (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized."
},
{
"lang": "de",
"value": "In code-projects Web-Based Inventory and POS System 1.0 ist eine Schwachstelle entdeckt worden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /login.php. Die Manipulation des Arguments emailid f\u00fchrt zu sql injection. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T02:02:09.166Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327359 | code-projects Web-Based Inventory and POS System login.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327359"
},
{
"name": "VDB-327359 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327359"
},
{
"name": "Submit #666209 | code-projects Web-Based Inventory and POS System 1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.666209"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Real-Rio/vulnreport/blob/main/SQL6.md"
},
{
"tags": [
"product"
],
"url": "https://code-projects.org/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-10-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-07T13:46:41.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects Web-Based Inventory and POS System login.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11424",
"datePublished": "2025-10-08T02:02:09.166Z",
"dateReserved": "2025-10-07T11:41:14.907Z",
"dateUpdated": "2025-10-08T17:34:27.604Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}